Skip to content
Industry Insights

What is a Data Breach?

What do Target, Yahoo and Anthem have in common? 

Besides being massive companies, they all suffered data breaches that cost them hundreds of millions of dollars — and many unhappy customers. 

And even if your organization isn’t the same size as these businesses, large-scale data breaches can happen to any organization of any size.

In this guide, you’ll discover all you need to know about data breaches — including how to prevent them — so you can avoid expensive fines, protect your company’s reputation and competitive edge and safeguard your valuable data.

What is a data breach?

A data breach is a cyber security incident where someone intentionally or unintentionally leaks an organization’s sensitive information. Data breaches can happen in any-sized business and often involve confidential data like a company’s intellectual property, trade secrets or customers’ personally identifiable information (PII).

While it’s common to associate data breaches with hackers, 1 in 3 breaches occur due to insiders, and 78% are unintended. Understanding how data breaches happen can help you teach employees and other internal stakeholders how to secure data.

Supporting statistic that most insider data breaches are unintentional (78%) - from the 2021 Aberdeen Report.

How does a data breach happen?

Data breaches occur due to insider threats — i.e., individuals with authorized access to a company’s systems — and external factors like cyber attackers.

Here are a few typical ways data breaches occur:

  • Malicious insiders. Employees or other insiders may use their privileged access to take or leak company data for personal gain, revenge or other negative reasons.

  • Accidental exposure. Not all insider threats are malicious. Employees may unknowingly share information with the wrong parties or expose data through error while trying to operate more efficiently. 

  • Lost or stolen credentials or equipment. Unfortunately, creating strong, complex passwords may not be a priority for all employees. And if someone loses a company device locked by a simple password, bad actors can crack and gain access to company information.

  • Social engineering attacks. Cyber attackers can pose as other employees or vendors and ask employees for information via text or email. In this form of social engineering, called phishing, attackers create a sense of urgency and fear that prompts victims to reveal sensitive information.

  • Malware infections. Some external threats aim to infect company networks or databases with malware to give them unauthorized access to confidential information. Severe incidents might enable point-of-sale (POS) attacks and card skimming, which provide attackers with transaction and payment data. 

  • Lack of encryption. Without encryption — the process of concealing information by altering it to appear as random data — an unauthorized person could access a company’s data.

In recent years, workforce volatility due to frequent job changes, layoffs and hiring freezes has made these threats even more pronounced, so it’s essential for companies to stay vigilant.

Notable data breaches

Some of the world’s most notable data breaches cost millions — or even billions — of dollars:

Date Company Industry Cause of Data Breach Cost to Company
May – July 2017 Equifax Consumer credit reporting A malware infection by Chinese military hackers $1.7 billion
2013 and 2014 Yahoo Internet computer software A spear-phishing email from Russian-sponsored hackers caused the 2014 breach; the cause of the 2013 data breach is still unknown  $350 million
November – December 2013 Target Retailer There were several causes of this data breach: a phishing email, malware and stolen login credentials $202 million
February 2015 Anthem Health insurance Spear-phishing emails $115 million
November 2014 Sony Pictures Electronics A malware infection from a North Korean spy $35 million

Data breach laws

The U.S. and other countries have enacted laws to protect companies and individuals from the negative impact of data breaches. Laws vary from country to country, and in the U.S., from state to state:

  • The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This U.S. federal legislation requires companies to report cyber incidents within 72 hours and ransom payments within 24 hours. Quickly reporting data breaches can help identify and stop perpetrators faster.

  • The California Consumer Privacy Act (CCPA). CCPA is California state legislation from 2018 that gives consumers more control over their data. Under CCPA, consumers have the right to know what personal information businesses collect and how they intend to use it. Californians also have the right to delete personal information and disallow companies from selling it. 

  • General Data Protection Regulation (GDPR). The EU enacted GDPR in 2018 to protect the European Union’s citizens’ personal data. GDPR consists of seven principles related to transparency, limitation, accuracy, confidentiality and accountability. Keeping customers’ identities private decreases the adverse effects of a data breach.

  • CPS 234. In 2019, Australia passed CPS 234 to minimize the impact of security incidents. Under CPS 234, companies must adjust their security capabilities to be “commensurate with the evolving size and extent of the threats to their assets.” CPS 234 has forced organizations to institute information security frameworks and implement a security governance model. 

Laws and regulations can help reduce data risk, but there are other tactics companies can do to lower their chances of a data breach and mitigate them if they happen.

How to prevent data breaches

To help your organization secure data and avoid a data breach, security teams can implement these best practices:

  • Educate employees proactively on data security. Instead of an extended video module plan that staff potentially write off as a yearly “checklist item,” offer employees an interactive program that helps them recognize their risky data behavior.

  • Stay updated on application security and patching. Security administrators can regularly patch and upgrade software to verify that their company isn’t running any compromised code. Routine software library audits can also help minimize the chance of your team missing an employee using an old software package.

  • Identify vulnerabilities and address threats in your network. Proactively finding and fixing weak points in your network can prevent threats from becoming data leaks.

  • Use multi-factor authentication (MFA). MFA is a second layer of protection when someone tries to access company data. It requires a user to know their password and verify their identity with either additional information, something they own like a smartphone or have inherently like a thumbprint.

  • Create a response plan. If a data breach occurs, you can avoid confusion by being ready with important contacts, disclosure strategies and mitigation steps. Ensure that your employees know this plan for proper mobilization before a breach occurs.

  • Implement security software that monitors data movements to untrusted locations. It’s impossible for a security team to have visibility into all data loss events with traditional security software. Protecting data demands software that monitors all data movements and prioritizes alerts to security based on risky user behavior.

Having a plan and abiding by general security hygiene is excellent, but organizations need a new way to protect their data from breaches. That’s where comprehensive data protection software can help.

Avoid data breaches with a robust data protection solution

Data breaches can have devastating consequences, including expensive fines, reputational damage and loss of competitive edge.

Although traditional security software and data policies can offer some protection, they aren’t comprehensive enough to thwart today’s insider and outsider threats. You need security software that monitors all data movement to untrusted locations.

Incydr tracks all file movement in your organization and prioritizes it based on 120+ contextual risk indicators. Administrators receive alerts to high-risk activities and can react with severity-appropriate responses straight from Incydr’s dashboard, stopping data leaks without disrupting employees’ work.

Find out why solutions like Incydr are the fastest-growing data protection and security category when you download Gartner’s IRM Market Guide.

You might also like: